Beta Downloads

Warning

The downloads on this page are not yet ready for general-purpose production use. We’d love to hear what works and what doesn’t (that’s why they’re posted here), but don’t use them in any situation where failure could result in consequences that you’re unwilling to accept. For example, don’t use them with wallets that contain coins or names that you aren’t willing to sacrifice to science.

The more people test these downloads, the faster they’ll be ready for release. However, there are no guarantees of when, or if, these downloads will be released in final form.

As usual, it is a good idea to verify the hashes and signatures of these downloads (especially the ones not hosted on namecoin.org). The more people reproduced the hashes, the better. If you’re paranoid, run them inside an isolated virtual machine.

Things to Test

The above with encrypted locked, encrypted unlocked, and unencrypted wallets.

Known Issues

Windows builds not working (should be fixed in Beta 2)

macOS builds not working (should be fixed in Beta 2)

ConsensusJ-Namecoin

This is a lightweight SPV client that acts as a drop-in replacement for Namecoin Core’s name lookup functionality (e.g. for browsing .bit domains with ncdns). It synchronizes faster and uses less storage than Namecoin Core, but trusts Namecoin miners more than Namecoin Core does.

You need to have Java installed:

If you’re using GNU/Linux, use your package manager.

If you’re using Windows, download it from the Oracle website. Make sure you right-click the .exe installer, click Properties, and click Digital Signatures. It should be signed by Oracle America, Inc. If it is not, do not install it.

We’re not sure about OS X. If anyone can contribute instructions for OS X, let us know.

ncdns

The ncdns Windows installer also automatically installs and configures a Namecoin client (Namecoin Core or ConsensusJ-Namecoin) and Dnssec-Trigger/Unbound, and sets up TLS certificate validation in any supported web browsers that are installed (see documentation for a list of supported browsers). It’s basically all you need for browsing .bit domain names.

ncdns plain binaries are also available for most major operating systems. These are useful for advanced users or for users who are not on Windows. Using these will require setting up Namecoin Core and a recursive DNS resolver (e.g. Unbound) separately; they can sometimes be used for TLS certificate validation, but additional setup is required.

Known Issues

Build is not yet reproducible.

cross_sign_name_constraint_tool

This tool applies a name constraint exclusion to a DER-encoded TLS trust anchor via cross-signing, without that trust anchor’s consent. The intended use case is to disallow a CA from issuing certificates for a domain name that it has no legitimate business issuing certificates for. For example:

Disallowing a public CA from issuing certificates for the .bit TLD used by Namecoin.

Disallowing a public CA from issuing certificates for a TLD controlled by your corporate intranet.

Namecoin users will probably want to use cross_sign_name_constraint_tool to disallow any non-Namecoin CA’s that they have manually imported to their system from signing .bit certificates. For CA’s that are on your system by default, you probably instead want tlsrestrict_nss_tool (see below) or tlsrestrict_chromium_tool (bundled with ncdns, see above).

Known Issues

Build is not yet reproducible.

tlsrestrict_nss_tool

This tool applies a name constraint exclusion to an NSS sqlite database for all CKBI (built-in) TLS trust anchors, without those trust anchors’ consent. The intended use case is to disallow public CA’s from issuing certificates for TLD’s with unique regulatory or policy requirements, such as:

The .bit TLD used by Namecoin.

A TLD controlled by your corporate intranet.

Namecoin users will probably want to use tlsrestrict_nss_tool to disallow all CA’s that are on their system by default from signing .bit certificates. For CA’s that you manually imported yourself, you probably instead want cross_sign_name_constraint_tool (see above).

Known Issues

This tool will probably prevent HPKP from working as intended, unless HPKP is applied to user-defined trust anchors. Firefox is capable of doing this (though it’s not the default); Chromium is not (as far as we know).

Build is not yet reproducible.

dns-prop279

This is a tool that permits Namecoin naming (or any other naming method that speaks the DNS protocol) to be used with Tor, via the draft Prop279 pluggable naming API. .bit domains can point to IP addresses (A/AAAA records), DNS names (CNAME records), and onion services.

dns-prop279 doesn’t properly return error codes; all errors will be treated as NXDOMAIN.

dns-prop279 hasn’t been carefully checked for proxy leaks.

Using dns-prop279 will make you stand out from other Tor users.

Stream isolation for streams opened by applications (e.g. Tor Browser) should work fine. However, stream isolation metadata won’t propagate to streams opened by the DNS server. That means you should only use dns-prop279 with a DNS server that will not generate outgoing traffic when you query it. ncdns is probably fine as long as it’s using a full-block-receive Namecoin node such as Namecoin Core or libdohj-namecoin in leveldbtxcache mode. Unbound is not a good idea.

Nothing in dns-prop279 prevents the configured DNS server from caching lookups. If lookups are cached, this could be used to fingerprint users. ncdns has caching enabled by default.

DNSSEC support hasn’t been tested at all, and is probably totally unsafe right now. Only use dns-prop279 when you fully trust the configured DNS server and your network path to it.